[6-15] Dynamic Program Analyses and Their Applications

Published: 2016-06-14

  

  Title: Dynamic Program Analyses and Their Applications 

  Speaker: Xiangyu Zhang (Purdue University) 

    

  Time:  9:30 am, June 15th, 2016 

  Venue:  Seminar Room (334), Level 3, Building 5, Institute of Software, Chinese Academy of Sciences. 

    

    

  Abstract: 

  Dynamic program analyses analyze runtime information collected during program execution.  

  They can be classified into two categories: temporal analysis, which inspects execution history, and spatial analysis, which studies states of program execution (e.g., memory states and disk states).  

  They have a wide range of applications in various areas such as software debugging, testing and security. 

    

  In this talk, I will introduce a number of dynamic analysis projects in my group.  

  In particular, I will present three kinds of temporal analyses: (1) audit logging; (2) forced execution; and (3) dual execution. Audit logging analyzes software system behavior by inspecting system-level event traces such as file reads/writes and socket sends/receives. It is critical for understanding advanced security attacks on enterprise systems. Forced execution forces a program to execute even when the required environmental and input conditions are not satisfied. It is highly effective in disclosing hidden malicious logic in executable programs. Dual execution couples two slightly different executions of a program so that they proceed concurrently in a synchronous fashion. It allows fine-grained, on-the-fly execution comparison that enables information leak detection and attack detection.  

    

  I will also introduce memory forensic analysis, which is a kind of spatial analysis.  

  It inspects the memory snapshot of a process to recover critical information such as the files that are being edited in document-processing software, the ongoing conversation in social-networking software, and the pictures that were taken by a camera app in the past but not saved to disk. Such information is extremely useful in attack investigation. 

    

  Bio: 

  Xiangyu Zhang is a full professor at Purdue University. He received his PhD degree from the University of Arizona in 2006. He is currently supervising 13 PhD students, working on dynamic and static program analysis and their applications in debugging, testing, forensic analysis, and data processing. He is a Purdue University Scholar. He has received the 2006 ACM SIGPLAN Distinguished Doctoral Dissertation Award, NSF Career Award, ACM SIGSOFT Distinguished Paper Awards, Best Student Paper Award at USENIX'14, Best Paper Award at CCS'15 and Distinguished Paper Award at NDSS'16.